Open
Cached
·
just now
77/100
SECURITY SCORE
Certificate Information
Subject
CN=www.surajconfectionery.com
Issuer
C=US, O=Google Trust Services, CN=WR3
Valid From
October 08, 2025
Valid Until
January 07, 2026
60 days
Public Key
RSA
2048 bit
Adequate
Signature Algorithm
SHA256-RSA
SHA-256 Fingerprint
25:AE:3B:56:85:80:11:FB:3B:C5:50:D5:E4:09:C5:85:9E:3B:E2:C1:F4:D8:8D:DF:BC:0F:C2:05:2E:8A:86:0C
Alternative Names
Security Configuration
TLS Protocols
TLS 1.2
TLS 1.3
Forward Secrecy
Supported
(Modern clients use PFS)
HTTP Security Headers
Status
Strict-Transport-Security
Present
max-age=31556926
Content-Security-Policy
Missing
Not configured
X-Frame-Options
Missing
Not configured
X-Content-Type-Options
Missing
Not configured
Referrer-Policy
Missing
Not configured
Permissions-Policy
Missing
Not configured
Recommendations
- • Increase HSTS max-age to at least 1 year and add includeSubDomains
- • Add Content-Security-Policy header to prevent XSS attacks
- • Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking
- • Add X-Content-Type-Options: nosniff
- • Add Referrer-Policy header (recommended: strict-origin-when-cross-origin)
- • Consider adding Permissions-Policy to control browser features
CAA Records (Certificate Authority Authorization)
CAA Records
Not Configured
(Any CA can issue certificates)
CAA Issues
- • No CAA records configured - any CA can issue certificates
Recommendations
- • Implement CAA records to restrict which CAs can issue certificates for your domain
- • This adds an extra layer of security against unauthorized certificate issuance
- • Example: Add CAA record 'example.com. CAA 0 issue "letsencrypt.org"'
- • Consider adding 'iodef' record to receive security incident reports
Subject Alternative Names
100 domains
static.getintheloop.ca
giveaway.1ed.hk
www.4kpainting.ca
hdd-demo-3.5loyalty.com
alexandre-paradis.ca
appsforce.io
link.staging.arcadiapower.com
bimdoskol.cz
braintain.app
braseirocarnesnobres.com.br
www.cameronwillia.ms
www.capstel.com
cardwizard.ca
gcp-us-east1-10.dev.app.carto.com
cferris.net
chi.cafe
citation.network
otp.clau.io
neuralspace-prod-api.closedcaptionconverter.com
www.sakata.co.ke
userapp-dev.dry.co.kr
newsportal.codegene.io
convincing.link
crechecasadocaminho.com.br
darv.es
dbc.family
qa.demoworkspaceedu.com
dharshinisricrackers.com
www.digitalknow.how
dixper.es
www.documatept.com
www.dodd.ly
drivebt.io
members.eclub.golf
myaccount.educyogi.in
ebenefits.ewhallet.com
www.excuela.com
www.gamecreator.one
a-beta.getresponse.com
www.harpm.in
himbeerschnid.de
inborndeveloper.com
www.panel.colaboradores.inclub.world
admin.qa.invoicenxt.com
www.jaggerpowell.com
bestmusic.jampad.app
www.joshitravels.in
admin.staging.kavval.com
kiwiammunition.nz
link.kokobot.ai
kolarikova.cz
dev.app.konch.ai
kalender.mabrocks.de
www.marcellovalsecchi.ch
blog.martinmoser.at
maurotello.com.ar
businessriver.meawards.ie
www.menavarro.com
animize.my.id
molana.my.id
app.nedvizhka.kz
only2u.fr
mv-dev.onscene.team
pitchcenterapp.com
www.porinsenioriasunnot.fi
qrdocs.co.uk
staging.rakutenadvertising.io
www.rincell.com
boxauth.ruixi.se
scheduly.org
sercroche.com.br
serverful.io
app.skwad.io
software-craftsmen.io
timetable.sonhuynh.dev
lp.stand.fm
www.suited.fit
www.surajconfectionery.com
vws.surv.in
l.symptohealth.com
cards.teek.dev
m.app.tejasc.in
goapp.tele-club.ru
www.therapylife.in
bitcoinsnake.thndr.games
www.translated-into.com
auth.trypinnacle.app
www.tudorluca.com
m.starrewards.valero.com
vasarnapifoci.hu
vayuway.com
cryptoshelf.veruset.com
link.vpngate-connector.com
www.waltermullen.com
whatsintheboxny.com
account-d.whispp.com
auth.wholefoodearth.com
url.xcode.no
xman.io
invite.yeolpumta.com
Other domains in certificate